Use of BOTNET in Server Service Attacks - Essay Example

Full Paper BOTNETS Robot network or BOT NET is also known as a ‘Zombie army’ and is considered as a group of computers that are compromised and controlled by the hacker to attack a specific target (Botnet.2011). Likewise, these group of compromised computers will broadcast spam, relay unwanted emails, viruses or excessive request against any service associated with a specific network or server. The compromised zombie army is invaded by a Trojan, which is known as a remote application that installs itself within the system memory or kernel and provides data or connectivity to the hacker.

Moreover, Trojan is operational by initiating an Internet Relay Chat (IRC) that waits for any action from the hacker who has full control over the botnet (Rapoza, 2008). Apart from IRC, hackers utilize rootkits to compromise weak system with no updated security patches and have security loop holes that facilitate hacker’s objectives. As there are countless computers connected to the Internet, they use tools to capture and identify vulnerable systems and uses IP spoofing for (Spoofing.2011) manipulating the original IP addresses for gaining access in to the system.

Furthermore, these compromised systems are from different geographical locations, it is difficult to identity suspicious traffic, as it represents different time zones. As botnets are considered as a major player in a Denial of Service attacks, it can be prevented by honey pots and bastion hosts that will identify suspicious broadcast at the initial level. As mentioned previously, that a zombie army initiates flooding and broadcasting attacks from various locations to the specific target. The characteristic of this attack encompasses threats from distributed source and is known as distributed denial of service attacks (DDoS).

Computer network encyclopedia describes it, as the incorporation of hundreds or even thousands of computers that were previously compromised used for transmitting huge volume of unwanted traffic to the target. DDoS attacks are considered to be lethal in the world of Internet has imposes significant risks for businesses, governmental organizations, army networks etc. (Ghazali & Hassan, 2011) research on DDoS attacks has revealed vulnerabilities not only in the network architecture or infrastructure, but also in the protocol specifications along with Internet.

Exhibit 1.1 demonstrates types of flooding DDoS attacks along with protocols: Attack Name UDP Flood TCP Flood LorDAS Shrew Induced-Shrew Quiet Attack Rate High High Low Low Low Low Attack Traffic UDP Flow TCP Flow No information TCP Flow Optimistic ACK packets Short-lived, TCP flows Attack Target UDP or TCP clients UDP or TCP clients Application servers Routers in TCP Flow Internet Access, Routers Routers in TCP Flows Attack Goal Exhaust resources at target machines Consume Bandwidth Reduce availability and capability of servers Deny bandwidth TCP Flows, close session Dos at Internet access routers Reduce throughput Exhibit 1.

1 Source: (Ghazali & Hassan, 2011) High rate flood attacks: This type of attack is achieved by traffic generation from many machines that may be in total of hundreds or thousands dispersed globally. The flooding of unwanted traffic degrades the performance of the target system or network by utilizing all the resources (Ghazali & Hassan, 2011). Low rate flood attacks: This type of attack is not similar to a high rate flood attack, as the attacker broadcast intelligently constructed packets. These packets are designed to bypass traditional flood detectors by varying the traffic rate (Ghazali & Hassan, 2011).

Low Rate DoS Attack against Application Servers (LoRDAS): This type of attack targets iterative servers and augments its capacity against synchronized or iterative servers. Likewise, the LoRDAS attack utilizes the capacity of these servers by sending a broadcast intelligently so that the servers begin to process the request of the hacker and overloading the server to fulfill any new legitimate request (Ghazali & Hassan, 2011). Shrew attack: This type of attack silently denies the bandwidth of a TCP data steam.

Likewise, a short broadcast of large volume of traffic is generated for a limited time. This short burst artifice the TCP that the data stream is congestion and buffer of the targeted router overflows that result in packet drops (Ghazali & Hassan, 2011). Induced-shrew attack: this attack dominates a remote host that is called as a slave and the controller of this system or slave is called as a master. Likewise, the slave is responsible for attacking low rate broadcasts and must be incorporated with TCP i.e. any application or network service operating on the Internet or associated with file transfer service (Ghazali & Hassan, 2011).

References Botnet.(2011). Computer Desktop Encyclopedia, , 1. Denial of service attack.(2011). Computer Desktop Encyclopedia, , 1. Ghazali, K. W. M., & Hassan, R. (2011). Flooding distributed denial of service attacks-A review. Journal of Computer Science, 7(8), 1218-1223. Rapoza, J. (2008). Botnets vs. botnets Ziff Davis Enterprise. Spoofing.(2011). Computer Desktop Encyclopedia, , 1.